What you should know about Tactical Control Center

Introduction

Tactical Control Center is an application installed on a notebook, called Tactical Network Injector.

It can connect to a protected WiFi network, infect devices using RCS identification and injection rules, or infect manually identified devices.

The identification and infection rules are the same as those used for Network Injector Appliance, with the sole difference that Tactical Network Injector provides an additional "manual" identification rule. Thus the operator identifies the device to be infected and applies the injection rules to that device.

Tactical Control Center operations

With Tactical Control Center you can:

NOTE: the injection network can be external or an open WiFi network simulated by the Tactical Control Center.

Infection via automatic identification

The steps needed to infect devices automatically identified by RCS rules are described below. The attack can be run on wired or WiFi networks:

| Phase | Description | Where |
|---|---|---|
| 1 | Prepare identification and injection rules for known targets to be attacked. Send the rules to Tactical Network Injector. | RCS Console, System, Network Injector |
| 2 | Enable synchronization with RCS to receive updated rules. | Tactical Network Injector, Network Injector |
| 3 | If target devices are connected to a protected WiFi network, acquire the password. | Tactical Network Injector, Wireless Intruder |
| 4 | The system sniffs traffic, identifies target devices thanks to identification rules and infects them thanks to injection rules. | Tactical Network Injector, Network Injector |
| 5 | If necessary, force re-authentication on devices not identified by the rules. | |

Infection via manual identification

Following are the steps required to infect manually identified devices. The operator's goal is to identify target devices.

The attack can be run on wired or WiFi networks:

| Phase | Description | Where |
|---|---|---|
| 1 | Prepare identification rules that include manual identification and injection rules for all the target devices to be attacked. Send the rules to Tactical Network Injector. | RCS Console, System, Network Injector |
| 2 | Enable synchronization with RCS to receive updated rules. | Tactical Network Injector, Network Injector |
| 3 | If target devices are connected to a protected WiFi network, acquire the password. | Tactical Network Injector, Wireless Intruder |
| 4 | If target devices can connect to an open WiFi network, try emulating an Access Point known by the target. | Tactical Network Injector, Fake Access Point |
| 5 | The system proposes all devices connected to the selected network interface. Use filters to search for target devices or check the web chronology for each device. | Tactical Network Injector, Network Injector |
| 6 | Select devices and infect them. | |

Enable synchronization with RCS

The Tactical Control Center must receive updated identification and injection rules from RCS and simultaneously send its logs.

In this communication, RCS tries to communicate with Tactical Network Injector at set intervals (about 30 sec.). In Tactical Control Center, decide when to enable synchronization using the Network Injector function.

Protected WiFi network password acquisition

If the target device is connected to a protected WiFi network, the access password must be obtained to log in.

The Wireless Intruder function lets you connect to a WiFi network and crack the password. The password is displayed and the operator can copy it to use it with the sniffing and injection function (Network Injector function).

Infection via automatic identification

This work mode is suited for situations when some target device information is known (e.g. IP address).

In this case, RCS injection rules include all the data required to automatically identify target devices.

Starting automatic identification with the Network Injector function gradually displays the target devices, which are immediately infected by the injection rules.

Forcing unknown device authentication

You may not be able to connect to some devices in a password protected WiFi network. These types of devices appear in the list as unknown.

In this case, their authentication can be forced: the device will disconnect from the network, reconnect and be identified.
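
From the defender's side, a forced re-authentication shows up on the air as deauthentication or disassociation frames aimed at a client. The following is an added example, not part of the original guide: it flags clients that receive a burst of such frames inside a short window. The frame records, window and threshold are constructed assumptions, not values from RCS.

```python
from collections import defaultdict, deque

# Assumed tuning values for illustration; adjust to the monitored network.
WINDOW_SECONDS = 10.0
THRESHOLD = 5

# Constructed sample: (timestamp in seconds, frame subtype, receiver MAC, transmitter MAC)
SAMPLE_FRAMES = [
    (50.0, "deauth", "22:22:22:22:22:22", "aa:bb:cc:00:00:01"),   # isolated, normal roaming
    (100.0, "deauth", "11:22:33:44:55:66", "aa:bb:cc:00:00:01"),
    (100.4, "deauth", "11:22:33:44:55:66", "aa:bb:cc:00:00:01"),
    (100.8, "disassoc", "11:22:33:44:55:66", "aa:bb:cc:00:00:01"),
    (101.2, "deauth", "11:22:33:44:55:66", "aa:bb:cc:00:00:01"),
    (101.6, "deauth", "11:22:33:44:55:66", "aa:bb:cc:00:00:01"),
    (102.0, "deauth", "11:22:33:44:55:66", "aa:bb:cc:00:00:01"),
    (103.5, "assoc-req", "aa:bb:cc:00:00:01", "11:22:33:44:55:66"),  # client reconnects
    (300.0, "deauth", "22:22:22:22:22:22", "aa:bb:cc:00:00:01"),   # isolated again
]


def deauth_bursts(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {client MAC: start time of the first burst} for clients that
    received at least `threshold` deauth/disassoc frames within `window` seconds."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    flagged = {}
    for ts, subtype, receiver, _transmitter in sorted(frames):
        if subtype not in ("deauth", "disassoc"):
            continue
        stamps = recent[receiver]
        stamps.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while stamps and ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold and receiver not in flagged:
            flagged[receiver] = stamps[0]
    return flagged


if __name__ == "__main__":
    for client, started in deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst against {client} starting at t={started}")
```

Spoofed deauthentication frames carry the access point's address, so the transmitter field alone does not identify the sender. Networks and clients that enforce Protected Management Frames (802.11w) reject unauthenticated deauthentication frames.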

Infection via manual identification

Manual identification can be indicated in RCS identification rules. This procedure is frequently run when there is no information on the device to be infected and it must be identified in the field.

In this case, a series of functions to select devices connected to the network is available to the operator:

Once target devices are identified, simply select them to start infection; the identification rules are "customized" with the device data to allow injection rules to be applied.

Setting filters on tapped traffic

When manually identifying targets, some targets may not be identified among those connected to the network. In this case, use the Network Injector function to set filters on tapped traffic.

Tactical Control Center provides two types of filters:

Filter with regular expression

Regular expressions are broad filters. For example, if our target is visiting a Facebook page and talking about windsurf, simply enter "facebook" or "windsurf".

Tactical Network Injector taps all traffic data and searches for the entered words.

For further information on all admitted regular expressions, see https://en.wikipedia.org/wiki/Regular_expression .

BPF (Berkeley Packet Filter) network filter

This is used to more accurately filter devices using BPF syntax (Berkeley Packet Filter). This syntax includes key words accompanied by qualifiers:

For example, if our target is visiting a Facebook page, enter "host facebook.com".

For further details on syntax qualifiers, see http://wiki.wireshark.org/CaptureFilters.

Identifying a target by analyzing the chronology

Another way to filter and shorten the list of possible targets is to analyze device web traffic to identify it as the target.

Emulating an Access Point known by the target

In some cases you may need to attract target devices in an open WiFi network to then tap data, identify and infect them.

To do this, Tactical Network Injector emulates an Access Point already known to the target device.

When the target device (if set) searches for an open WiFi network, it will find the Tactical Network Injector network, recognize and connect to it.

This way, injection rules can be freely applied.
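
For detection, an emulated access point appears in a wireless survey as a trusted network name advertised with the wrong security mode or from an unexpected BSSID. The following is an added example, not part of the original guide: it checks scan results against an inventory of the networks an organisation operates. The inventory, SSIDs, BSSIDs and scan records are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # "open", "wpa2", ... as reported by the scanning tool


# Hypothetical inventory of legitimate networks (constructed values).
KNOWN_NETWORKS = {
    "corp-wifi": {"security": "wpa2",
                  "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}},
    "guest-lobby": {"security": "open", "bssids": {"aa:bb:cc:00:10:01"}},
}

# Constructed survey output.
SAMPLE_SCAN = [
    Beacon("corp-wifi", "aa:bb:cc:00:00:01", "wpa2"),    # legitimate
    Beacon("corp-wifi", "DE:AD:BE:EF:00:01", "open"),    # trusted name, now open
    Beacon("guest-lobby", "de:ad:be:ef:00:02", "open"),  # open name, unknown radio
    Beacon("cafe-next-door", "12:34:56:78:9a:bc", "open"),  # not ours, ignored
]


def classify(beacon, known=KNOWN_NETWORKS):
    """Return a reason string if the beacon conflicts with the inventory, else None."""
    profile = known.get(beacon.ssid)
    if profile is None:
        return None  # SSID is not one we operate; out of scope for this check
    if beacon.security != profile["security"]:
        return "security-mismatch"
    if beacon.bssid.lower() not in profile["bssids"]:
        return "unknown-bssid"
    return None


def find_suspect_beacons(scan, known=KNOWN_NETWORKS):
    """Return (ssid, bssid, reason) for every beacon that conflicts with the inventory."""
    findings = []
    for beacon in scan:
        reason = classify(beacon, known)
        if reason is not None:
            findings.append((beacon.ssid, beacon.bssid.lower(), reason))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reason in find_suspect_beacons(SAMPLE_SCAN):
        print(f"{ssid} from {bssid}: {reason}")
```

A BSSID can be copied as well as an SSID, so a match against the inventory is not proof that a beacon is legitimate. Disabling automatic joining of open networks on managed clients removes the condition the text describes, a device searching for and connecting to a remembered open network.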

RCS8.2 | User's and Installation Guide | © COPYRIGHT 2012